Update severity in file CVE-2025-8405.json (!60) · Merge requests · GitLab.org / GitLab CVE assignments

PSIRT noticed a gap with the current automation and the incorrect severity was published on https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/#cve-2025-8405---improper-encoding-in-vulnerability-reports-impacts-gitlab-ceee

PSIRT Bug Bounty council confirmed the true severity is 7.7 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N) instead of 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).

Edited Dec 12, 2025 by Kayla Hagopian

Update severity in file CVE-2025-8405.json

Merge request reports